groovy (SL7)

Synopsis: Important: groovy security update
Advisory ID: SLSA-2017:2486-1
Issue Date: 2017-08-17
CVE Numbers: CVE-2016-6814

Security Fix(es):

* It was found that a flaw in Apache groovy library allows remote code
execution wherever deserialization occurs in the application. It is
possible for an attacker to craft a special serialized object that will
execute code directly when deserialized. All applications which rely on
serialization and do not isolate the code which deserializes objects are
subject to this vulnerability. (CVE-2016-6814)


– Scientific Linux Development Team